www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: mod_auth-any/863: Server bypass .htaccess files authorization configuration in access.conf file.
Date Mon, 14 Jul 1997 16:10:01 GMT
The following reply was made to PR mod_auth-any/863; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Quynh-Giao Tran <giao@r2d2.ed.gov>
Subject: Re: mod_auth-any/863: Server bypass .htaccess files authorization configuration in
access.conf file.
Date: Mon, 14 Jul 1997 10:10:48 -0600 (MDT)

 
 On Mon, 14 Jul 1997, Quynh-Giao Tran wrote:
 
 > 
 > I am sorry if I was unclear before.  I have the latest version (1.2.1)
 > installed on our server.  My document root is /ftp/www.  I wish to limit
 > user access to /ftp/www/Program/setform directory by creating a .htaccess
 > file in that directory.  The .htaccess is as follows:
 
 This is really a configuration question and, as the instructions clearly
 say, the bugdb is for bugs not configuration questions.
 
 > 
 > AuthUserFile /usr/local/etc/httpd/conf/priv.passwd
 > AuthName Vader 
 > AuthType Basic
 > 
 > <Limit FORM POST GET>
 > order deny,allow
 > deny from all
 > allow from ed.gov dsti.com
 > require user setform
 > </Limit>
 > 
 > To test the .htaccess file, I remove the "allow" line completely and I
 > was still able to access the /ftp/www/Programs/setform
 > (http://vader.ed.gov/Programs/setform/) directory.  If I use the same
 > .htaccess file and put it under my home directory
 > (/export/home/giao/public_html), then it would work.
 
 The answer to why this doesn't work is below in the other section you
 quote.  You have an "AllowOverride None" for that directory, which
 prevents you from using .htaccess files for doing anything.
 
 > 
 > Next, I tried to put move the configuration from the .htaccess file to
 > access.conf file.  Below is my access.conf file:
 > 
 > 
 >    <Directory /ftp/www>
 >    Options Indexes FollowSymLinks
 > 
 >    AllowOverride None
 > 
 >    order allow,deny 
 >    allow from all
 > 
 >    </Directory>
 > 
 >    <Directory /usr/local/etc/httpd/cgi-bin>
 >    AllowOverride None
 >    Options None
 >    </Directory>
 > 
 >    <Location /ftp/www/Programs/setform>
 
 If you use a Location directive, it acts as a Location directive.  That is
 different from a Directory directive.  Please read the manual for details.
 
 > 
 >    AuthUserFile /usr/local/etc/httpd/conf/priv.passwd
 >    AuthName Vader 
 >    AuthType Basic
 > 
 >    <Limit POST GET>
 >    order deny,allow
 >    deny from all
 >    allow from ed.gov dsti.com
 >    require user setform
 >    </Limit>
 > 
 >    </Location>
 > 
 

Mime
View raw message